AWS
AWS basic info
Find AWS in domain/company
AIO AWS tools
S3
Basic Commands
Find S3 buckets
Check S3 buckets perms and files
S3 example attacks
Enumerate read access buckets script
IAM
Basic commands
Tools
AWS IAM CLI Enumeration
EBS
Find secrets in public EBS
EBS attack example
EC2
EC2 basic commands
EC2 example attacks
Tools
Cloudfront
Info
Tools
AWS Lambda
Info
Tools
AWS Inspector
AWS RDS
Basic
Attacks
ECR
Info
Tools
ECS
Info
AWS Cognito API
Amazon Cognito is a user identity and data synchronization service. If the website uses other AWS services (such as Amazon S3 or Amazon DynamoDB), Amazon Cognito can issue temporary credentials with limited privileges that users then use to access those resources.
AWS Systems Manager
AWS Services Summary
AWS Service | Should have been called | Use this to | It's like |
---|---|---|---|
EC2 | Amazon Virtual Servers | Host the bits of things you think of as a computer. | It's handwavy, but EC2 instances are similar to the virtual private servers you'd get at Linode, DigitalOcean or Rackspace. |
IAM | Users, Keys and Certs | Set up additional users, set up new AWS Keys and policies. | |
S3 | Amazon Unlimited FTP Server | Store images and other assets for websites. Keep backups and share files between services. Host static websites. Also, many of the other AWS services write and read from S3. | |
VPC | Amazon Virtual Colocated Rack | Overcome objections that "all our stuff is on the internet!" by adding an additional layer of security. Makes it appear as if all of your AWS services are on the same little network instead of being small pieces in a much bigger network. | If you're familiar with networking: VLANs |
Lambda | AWS App Scripts | Run little self contained snippets of JS, Java or Python to do discrete tasks. Sort of a combination of a queue and execution in one. Used for storing and then executing changes to your AWS setup or responding to events in S3 or DynamoDB. | |
API Gateway | API Proxy | Proxy your apps API through this so you can throttle bad client traffic, test new versions, and present methods more cleanly. | 3Scale |
RDS | Amazon SQL | Be your app's MySQL, Postgres, and Oracle database. | Heroku Postgres |
Route53 | Amazon DNS + Domains | Buy a new domain and set up the DNS records for that domain. | DNSimple, GoDaddy, Gandi |
SES | Amazon Transactional Email | Send one-off emails like password resets, notifications, etc. You could use it to send a newsletter if you wrote all the code, but that's not a great idea. | SendGrid, Mandrill, Postmark |
Cloudfront | Amazon CDN | Make your websites load faster by spreading out static file delivery to be closer to where your users are. | MaxCDN, Akamai |
CloudSearch | Amazon Fulltext Search | Pull in data on S3 or in RDS and then search it for every instance of 'Jimmy.' | Sphinx, Solr, ElasticSearch |
DynamoDB | Amazon NoSQL | Be your app's massively scalable key valueish store. | MongoLab |
Elasticache | Amazon Memcached | Be your app's Memcached or Redis. | Redis to Go, Memcachier |
Elastic Transcoder | Amazon Beginning Cut Pro | Deal with video weirdness (change formats, compress, etc.). | |
SQS | Amazon Queue | Store data for future processing in a queue. The lingo for this is storing "messages" but it doesn't have anything to do with email or SMS. SQS doesn't have any logic, it's just a place to put things and take things out. | RabbitMQ, Sidekiq |
WAF | AWS Firewall | Block bad requests to Cloudfront protected sites (aka stop people trying 10,000 passwords against /wp-admin). | Sophos, Kaspersky |
Cognito | Amazon OAuth as a Service | Give end users - (non AWS) - the ability to log in with Google, Facebook, etc. | OAuth.io |
Device Farm | Amazon Drawer of Old Android Devices | Test your app on a bunch of different iOS and Android devices simultaneously. | MobileTest, iOS emulator |
Mobile Analytics | Spot on Name, Amazon Product Managers take note | Track what people are doing inside of your app. | Flurry |
SNS | Amazon Messenger | Send mobile notifications, emails and/or SMS messages | UrbanAirship, Twilio |
CodeCommit | Amazon GitHub | Version control your code - hosted Git. | GitHub, BitBucket |
Code Deploy | Not bad | Get your code from your CodeCommit repo (or Github) onto a bunch of EC2 instances in a sane way. | Heroku, Capistrano |
CodePipeline | Amazon Continuous Integration | Run automated tests on your code and then do stuff with it depending on if it passes those tests. | CircleCI, Travis |
EC2 Container Service | Amazon Docker as a Service | Put a Dockerfile into an EC2 instance so you can run a website. | |
Elastic Beanstalk | Amazon Platform as a Service | Move your app hosted on Heroku to AWS when it gets too expensive. | Heroku, BlueMix, Modulus |
AppStream | Amazon Citrix | Put a copy of a Windows application on a Windows machine that people get remote access to. | Citrix, RDP |
Direct Connect | Pretty spot on actually | Pay your Telco + AWS to get a dedicated leased line from your data center or network to AWS. Cheaper than Internet out for Data. | A toll road turnpike bypassing the crowded side streets. |
Directory Service | Pretty spot on actually | Tie together other apps that need a Microsoft Active Directory to control them. | |
WorkDocs | Amazon Unstructured Files | Share Word Docs with your colleagues. | Dropbox, DataAnywhere |
WorkMail | Amazon Company Email | Give everyone in your company the same email system and calendar. | Google Apps for Domains |
Workspaces | Amazon Remote Computer | Gives you a standard windows desktop that you're remotely controlling. | |
Service Catalog | Amazon Setup Already | Give other AWS users in your group access to preset apps you've built so they don't have to read guides like this. | |
Storage Gateway | S3 pretending it's part of your corporate network | Stop buying more storage to keep Word Docs on. Make automating getting files into S3 from your corporate network easier. | |
Data Pipeline | Amazon ETL | Extract, Transform and Load data from elsewhere in AWS. Schedule when it happens and get alerts when they fail. | |
Elastic Map Reduce | Amazon Hadooper | Iterate over massive text files of raw data that you're keeping in S3. | Treasure Data |
Glacier | Really slow Amazon S3 | Make backups of your backups that you keep on S3. Also, beware the cost of getting data back out in a hurry. For long term archiving. | |
Kinesis | Amazon High Throughput | Ingest lots of data very quickly (for things like analytics or people retweeting Kanye) that you then later use other AWS services to analyze. | Kafka |
RedShift | Amazon Data Warehouse | Store a whole bunch of analytics data, do some processing, and dump it out. | |
Machine Learning | Skynet | Predict future behavior from existing data for problems like fraud detection or "people that bought x also bought y." | |
SWF | Amazon EC2 Queue | Build a service of "deciders" and "workers" on top of EC2 to accomplish a set task. Unlike SQS - logic is set up inside the service to determine how and what should happen. | IronWorker |
Snowball | AWS Big Old Portable Storage | Get a bunch of hard drives you can attach to your network to make getting large amounts (Terabytes of Data) into and out of AWS. | Shipping a Network Attached Storage device to AWS |
CloudFormation | Amazon Services Setup | Set up a bunch of connected AWS services in one go. | |
CloudTrail | Amazon Logging | Log who is doing what in your AWS stack (API calls). | |
CloudWatch | Amazon Status Pager | Get alerts about AWS services messing up or disconnecting. | PagerDuty, Statuspage |
Config | Amazon Configuration Management | Keep from going insane if you have a large AWS setup and changes are happening that you want to track. | |
OpsWorks | Amazon Chef | Handle running your application with things like auto-scaling. | |
Trusted Advisor | Amazon Pennypincher | Find out where you're paying too much in your AWS setup (unused EC2 instances, etc.). | |
Inspector | Amazon Auditor | Scans your AWS setup to determine if you've set it up in an insecure way. | Alert Logic |
AWS vs AD